-
Notifications
You must be signed in to change notification settings - Fork 77
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement method HEAD in ApiListener #6062
Conversation
@Yale96, can you check (or perhaps add a check) that no real content data is received if the HEAD method is used? Maybe we need to add something to prevent that (or that it is used to by pass security etc). |
Indeed please add a test for this. I see nothing in code now to prevent data from being returned. |
core/src/main/java/org/frankframework/http/rest/ApiListener.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
As discussed in daily.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looking good. Just a few minor remarks to consider.
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerTest.java
Outdated
Show resolved
Hide resolved
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
In addition to the comments on the PR also on all affected files change the copyright-year to include the year 2024! :-)
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Outdated
Show resolved
Hide resolved
core/src/test/java/org/frankframework/http/rest/ApiListenerTest.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListenerServlet.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListenerServlet.java
Outdated
Show resolved
Hide resolved
core/src/main/java/org/frankframework/http/rest/ApiListener.java
Outdated
Show resolved
Hide resolved
if (result == null && method == ApiListener.HttpMethod.HEAD) { | ||
MimeType contentType = determineContentType(messageContext, listener, null); | ||
response.setContentType(contentType.toString()); | ||
} | ||
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Two comments on this:
result == null
is not the same asMessage.isEmpty(result)
- I think that since both blocks have same content you can merge the if-conditions:
if (!Message.isEmpty(result) || method == ApiListener.HttpMethod.HEAD))
@@ -1198,8 +1225,11 @@ public void testRequestWithAccept(Methods method) throws Exception { | |||
|
|||
// Assert | |||
assertEquals(200, result.getStatus()); | |||
Message input = requestMessage; | |||
assertEquals("application/xml", input.getContext().get("Header.accept")); | |||
if (method != Methods.HEAD) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why is the exception on method HEAD needed here?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That's not needed anymore indeed. I will remove it
core/src/test/java/org/frankframework/http/rest/ApiListenerServletTest.java
Show resolved
Hide resolved
@@ -579,9 +579,11 @@ else if(segment.startsWith("{") && segment.endsWith("}")) { | |||
*/ | |||
response.addHeader("Allow", (String) messageContext.get("allowedMethods")); | |||
|
|||
if (!Message.isEmpty(result)) { | |||
if (!Message.isEmpty(result) && result.size() != -1) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This is not the correct change because you now make setting content-type dependent on result-size being known.
What I had suggested earlier was to combine (!Message.isEmpty(result) || method == ApiListener.HttpMethod.HEAD)
Checking for size can be done in a nested if
. And when setting content-length on the response, you should not need to also add a header content-length
because the HttpResponse implementation should do this for you.
} else { | ||
response.setContentLength(0); | ||
response.addHeader("content-length", "0"); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Now you always set content-length to 0 when method = HEAD?
I thought that that goes against the intention?
Response result = service(createRequest(uri, Methods.HEAD, null, headers)); | ||
|
||
// Assert | ||
assertEquals(200, result.getStatus()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I do not see a check here that the content of the response is empty. That check is perhaps the most important check to validate if HEAD did what it is supposed to do.
assertEquals("OPTIONS, HEAD", result.getHeader("Allow")); | ||
assertNull(result.getErrorMessage()); | ||
assertFalse(result.containsHeader("etag")); | ||
assertEquals("0", result.getHeader("content-length")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The length of the response should not have been 0 as the response-content that would have been returned by GET would have been {"tralalalallala"}
.
assertNull(result.getErrorMessage()); | ||
assertFalse(result.containsHeader("etag")); | ||
assertEquals("0", result.getHeader("content-length")); | ||
assertEquals("*/*", result.getHeader("content-type")); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm surprised that the content-type header is */*
and not JSON. Can you please set the mimetype on the repeatableMessage
to JSON? Or otherwise the produces
on the ApiListenerBuilder?
public void apiListenerWithHeadMethodCall() throws Exception { | ||
// Arrange | ||
String uri = "/apiListenerWithHeadMethodCall"; | ||
Message repeatableMessage = Message.asMessage(new Message("{\"tralalalallala\":true}").asByteArray()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
After applying other comments to this test, I would like a copy of this test where this repeatableMessage
is constructed with an empty string, but the size set to something like 20 by setting the corresponding key in the MessageContext. Then the content-length returned by HEAD should also be 20.
Co-authored-by: J. Koster <j.koster@gmx.com>
/* | ||
* Finalize the pipeline and write the result to the response | ||
*/ | ||
final boolean outputWritten = writeToResponseStream(response, result); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sluiten we deze wel?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I've made some changes in #6148 so one of us needs to merge those :)
…442-Implement-method-head-in-ApiListener # Conflicts: # core/src/main/java/org/frankframework/http/rest/ApiListener.java
@@ -240,6 +226,7 @@ public boolean accepts(@Nullable String acceptHeader) { | |||
* HTTP method to listen to | |||
* @ff.default GET | |||
*/ | |||
@Deprecated |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Deprecated |
Deze moet hier denk ik niet?
Quality Gate passedKudos, no new issues were introduced! 0 New issues |
@@ -577,15 +577,18 @@ | |||
/* | |||
* Add headers | |||
*/ | |||
response.addHeader("Allow", (String) messageContext.get("allowedMethods")); | |||
response.addHeader("Allow", (String) pipelineSession.get("allowedMethods")); |
Check warning
Code scanning / CodeQL
HTTP response splitting Medium
No description provided.